AMENDMENTS TO THE CLAIMS

Claims pending

• At time of the Action: Claims 1-37.

• After this Response: Claims 1 and 3-41.
Canceled or Withdrawn claims: 2.
Amended claims: 1, 3-5, 7-20, 22-31 and 33-37.
New claims: 38-41.

1. (Currently Amended) A method for processing a permission set associated with a
code assembly received from a resource location to control execution of the code assembly,
the method comprising:

receiving the permission set including at least one permission associated with the
code assembly;

receiving a set of requestable permissions in association with the code assembly; and

generating a grantable permission set from a subset of the permission set
specified by the set of requestable permissions prior to run-time execution of the code
assembly.



2. (Canceled). 
3. (Currently Amended) The method of claim 1 wherein the generating
operation comprises:

computing a logical set operation on the permission set and the set of requestable
permissions to generate the grantable permission set.

comprising:

comparing the permission set and a minimum permission condition specified by the
set of requestable permissions; and

preventing loading of the code assembly, if the permission set fails to satisfy the
minimum permission condition.

5. (Currently Amended) The method of claim 1 further comprising:

preventing execution of the code assembly, if the permission set fails to satisfy a
minimum permission condition specified by the set of requestable permissions.

6. (Original) The method of claim 1 further comprising:

defining a code group collection based on a security policy specification, the code
group collection including one or more code groups;

receiving evidence associated with the code assembly;

evaluating membership of the code assembly in the one or more code groups, based
on the evidence; and

generating the permission set based on the membership of the code assembly in the
one or more code groups.

7. (Currently Amended) The method of claim 1 wherein the set of
requestable permissions specifies a plurality of typed permission request sets, each typed
permission request set specifying a distinct type of permission preference requested in
association with the code assembly.

8. (Currently Amended) The method of claim 1 wherein the set of requestable
permissions specifies a minimum request set specifying a minimum
permission condition in association with the code assembly.

9. (Currently Amended) The method of claim 8 wherein the generating
operation comprises:

filtering the permission set based on the minimum permission condition to
generate the grantable permission set such that the
grantable permission set includes a subset of the permission set.

10. (Currently Amended) The method of claim 8 further comprising:

preventing loading of the code assembly, if the minimum permission
condition is not a subset of the permission set.

11. (Currently Amended) The method of claim 8 further comprising:

preventing execution of the code assembly, if the minimum permission
condition is not a subset of the permission set.

12. (Currently Amended) The method of claim 1 wherein the set of requestable
permissions specifies an optional set
of permissions requestable in association with the code assembly.

13. (Currently Amended) The method of claim 1 further comprising:

executing a first level of code assembly functionality if a first optional set
of permissions specified in the requestable permission set is a subset of the permission grant
set; and

executing a second level of code assembly functionality if a second optional
set of permission specified in the requestable permission set is a subset of the
permission grant set.

14. (Currently Amended) The method of claim 1 wherein the set of requestable
permissions specifies a refuse request set specifying a set of one or
more permissions to be omitted from the grantable permission set associated with the
code assembly.

15. (Currently Amended) The method of claim 14 further comprising:

omitting the set of one or more permissions specified by the refuse request set from
the set of grantable permissions.

16. (Currently Amended) The method of claim 1 wherein the
set of requestable permissions includes an optional request set specifying an optional set of
permissions requestable in association with the code assembly and a minimum
request set specifying a minimum set of permissions requestable in association
with the code assembly, and wherein the generating operation comprises:

computing a union of the optional request set and the minimum request set to provide
a maximum request set; and

computing an intersection of the maximum request set and the permission set.

17. (Currently Amended) The method of claim 16 wherein the set
of requestable permissions further specifies a refuse request set specifying a set of one or
more permissions to be omitted from the grantable permission set in associated
with the code assembly, and wherein the generating operation further comprises:

subtracting the set of one or more permissions specified in the refuse request set from
the intersection of the maximum request set and the permission set.

Lee & Hayes, PLLC    ATTORNEY DOCKET NO. MS1-1874US

RESPONSE TO OFFICE ACTION DATED 1/13/2005    APPLICATION NO. 09/599 fi\ 5

18. (Currently Amended) The method of claim 1 wherein the operation of receiving
the set of requestable permissions comprises:

receiving the set of requestable permissions and the code
assembly in a single network communication.

19. (Currently Amended) The method of claim 1 wherein the operation of receiving
the set of requestable permissions comprises:

retrieving the set of requestable permissions in a network
communication distinct from a network communication in which the code assembly is
received.

20. (Currently Amended) A policy manager module for processing a permission set
associated with a code assembly received from a resource location to control execution of the
code assembly, the policy manager module comprising:

a filter receiving the permission set and a set of requestable permissions
associated with the code assembly and filtering the permission set based on the set
of requestable permissions before execution of the code
assembly.

21. (Original) The policy manager module of claim 20 further comprising:

a permission set generator receiving an evidence set and generating a permission set
in association with the code assembly, based on the evidence set.

22. (Currently Amended) The policy manager module of claim 20 wherein the filter
generates a grantable permission set from a subset of the permission set specified by
the set of requestable permissions.

23. (Currently Amended) The policy manager module of claim 20 wherein the filter
computes a logical set operation on the permission set and the set of requestable permissions
to generate a grantable permission set.

24. (Currently Amended) The policy manager module of claim 20 wherein the filter
prevents loading of the code assembly, if the permission set fails to satisfy a minimum
permission condition specified by the set of requestable permissions.

25. (Currently Amended) The policy manager module of claim 20 wherein the filter
prevents execution of the code assembly, if the permission set fails to satisfy a minimum
permission condition specified by the set of requestable permissions.
26. (Currently Amended) The policy manager module of claim 20 wherein the set of
requestable permissions specifies a plurality of typed permission
request sets, each typed permission request set specifying a distinct type of permission
preference requested in association with the code assembly.

27. (Currently Amended) The policy manager module of claim 20 wherein the set of
requestable permissions specifies a
minimum set of permissions requestable in association with the code assembly.

28. (Currently Amended) The policy manager module of claim 20 wherein the set of
requestable permissions specifies an
optional set of permissions requestable in association with the code assembly.

29. (Currently Amended) The policy manager module of claim 20 wherein the filter
generates a grantable permission set omitting one or more permissions specified in a
refuse request set of the set of requestable permissions.

30. (Currently Amended) The policy manager module of claim 20 wherein the set of
requestable permissions specifies an optional request set specifying an
optional set of permissions requestable in association with the code assembly and a
minimum request set specifying a minimum set of permissions requestable in
association with the code assembly, and wherein the filtering operation comprises:

computing a union of the optional request set and minimum request set to provide a
maximum request set; and

computing an intersection of the maximum request set and the permission set.

31. (Currently Amended) The policy manager module of claim 20 wherein the filter
generates a grantable permission set based on an optional request set, the grantable
permission set being associated with a first level of code assembly functionality if the
optional request set is a subset of the grantable permission set and being associated
with a second level of code assembly functionality if the optional request set is not a subset
of the grantable permission set.

32. (Original) The policy manager module of claim 20 further comprising:

a code group collection generator creating a code group collection based on a security
policy specification, the code group collection including one or more code groups;

a membership evaluator determining membership of the code assembly in the one or
more code groups, based on evidence associated with the code assembly; and

a permission set generator creating the permission set based on the membership of the
code assembly in the one or more code groups.

33. (Currently Amended) A computer data signal embodied in a carrier wave by a
computing system and encoding a computer program for executing a computer process
processing a permission set associated with a code assembly received from a resource
location to control execution of the code assembly, the computer process comprising:

receiving the permission set including at least one permission associated with the
code assembly;

receiving a set of requestable permissions in association with
the code assembly; and

filtering the permission set based on the set of requestable permissions before
run-time execution of the code assembly.

34. (Currently Amended) A computer program storage medium readable by a
computer system and encoding a computer program for executing a computer process
processing a permission set associated with a code assembly received from a resource
location, the computer process comprising:

receiving the permission set including at least one permission associated with the
code assembly;

receiving a set of requestable permissions in association with
the code assembly; and

filtering the permission set based on the set of requestable permissions prior to
run-time execution of the code assembly.

35. (Currently Amended) A computer program product encoding a computer
program for executing on a computer system a computer process processing a permission set
associated with a code assembly received from a resource location to control execution of the
code assembly, the computer process comprising:

defining a code group collection based on a security policy specification, the code
group collection including one or more code groups;

receiving evidence associated with the code assembly;

evaluating membership of the code assembly in the one or more code groups, based
on the evidence;

generating the permission set based on the membership of the code assembly in the
one or more code groups;

receiving a set of requestable permissions in association with
the code assembly; and

computing a logical set operation on the permission set and the set of requestable
permissions to generate a grantable permission set before
execution of the code assembly.

36. (Currently Amended) The computer program product of claim 35 wherein the set
of requestable permissions includes an optional request set specifying
an optional set of permissions requestable in association with the code assembly
and a minimum request set specifying a minimum set of permissions requestable in
association with the code assembly, and wherein the computing operation
comprises:

computing a union of the optional request set and the minimum request set to provide
a maximum request set; and

computing an intersection of the maximum request set and the permission set.

37. (Currently Amended) The computer program of claim 36 wherein the set of
requestable permissions further specifies a refuse request set
specifying a set of one or more permissions to be omitted from the grantable permission
set in associated with the code assembly, and wherein the computing operation
further comprises:

subtracting the set of one or more permissions specified in the refuse request set from
the intersection of the maximum request set and the permission set.

38. (New) The method of claim 1, wherein the set of requestable permissions 
comprise characteristics of the permissions needed by the code assembly. 

39. (New) The method of claim 1, further comprising controlling execution of the 
code assembly based upon the grantable permission set. 

40. (New) The method of claim 39, wherein controlling execution of the code 
assembly comprises: 
receiving a permission request associated with the code assembly; and
selectively granting the requested permission as a function of the grantable 
permission set during run-time execution of the code assembly. 

41. (New) The method of claim 1 further comprising:

executing a basic functionality of the code assembly if an optional set of permissions 
specified in the set of requestable permissions is not a subset of the permission set; and 

executing an enhanced functionality of the code assembly if the optional set of 
permissions specified in the set of requestable permissions is a subset of the permission set. 
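
The grant computation recited in claims 4, 16, 17, 31 and 40, worked through as an added example that is not part of the filing. The `PermissionRequest` class, the function names and the permission names are hypothetical; the functionality level follows claim 31 in testing the optional set against the grantable set.

```python
from dataclasses import dataclass


class AssemblyLoadRefused(Exception):
    """Policy does not satisfy the assembly's minimum permission condition."""


@dataclass(frozen=True)
class PermissionRequest:
    """The set of requestable permissions received with a code assembly."""
    minimum: frozenset = frozenset()   # assembly cannot run without these
    optional: frozenset = frozenset()  # used for extra functionality if granted
    refuse: frozenset = frozenset()    # must never be granted to this assembly


def grantable_set(policy_permissions, request):
    """Compute the grantable permission set before the assembly executes."""
    policy = frozenset(policy_permissions)
    # Claims 4 and 10: refuse to load when the minimum is not covered by policy.
    missing = request.minimum - policy
    if missing:
        raise AssemblyLoadRefused(f"policy lacks: {sorted(missing)}")
    maximum = request.minimum | request.optional  # claim 16: union
    granted = maximum & policy                    # claim 16: intersection
    return granted - request.refuse               # claim 17: subtract refuse set


def functionality_level(granted, request):
    """Claim 31: first level only if every optional permission was granted."""
    return "enhanced" if request.optional <= granted else "basic"


def demand(granted, permission):
    """Claim 40: a run-time request is decided against the grantable set."""
    return permission in granted


# Constructed sample: policy resolved from evidence, and one assembly's request.
POLICY = {"UI", "FileRead", "Network", "Reflection"}
REQUEST = PermissionRequest(
    minimum=frozenset({"UI"}),
    optional=frozenset({"FileRead", "FileWrite", "Network"}),
    refuse=frozenset({"Network"}),
)

if __name__ == "__main__":
    granted = grantable_set(POLICY, REQUEST)
    print(sorted(granted), functionality_level(granted, REQUEST))
    print("Reflection allowed at run time:", demand(granted, "Reflection"))
```

Policy would allow `Reflection`, but the assembly never asked for it, so it is absent from the grantable set and a later run-time demand for it is denied.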